CVE-2023-33837: IBM Security Verify Governance information disclosure

Q: What is the severity of CVE-2023-33837?

The severity of CVE-2023-33837 is medium with a CVSS score of 4.1.

Q: How does IBM Security Verify Governance version 10.0 handle sensitive information?

IBM Security Verify Governance version 10.0 does not encrypt sensitive or critical information before storage or transmission.

Q: Who is affected by the IBM Security Verify Governance information disclosure vulnerability?

IBM Security Verify Governance version 10.0 is affected by the information disclosure vulnerability.

Q: How can I learn more about the IBM Security Verify Governance information disclosure vulnerability?

You can find more information about the IBM Security Verify Governance information disclosure vulnerability at the following links: [Link 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/256020), [Link 2](https://www.ibm.com/support/pages/node/7057377).

Published Oct 22, 2023

Updated

IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.

Other sources

IBM Security Verify Governance does not encrypt sensitive or critical information before storage or transmission.

— IBM

Affected Software

2 affected components

IBM Security Verify Governance<=10.0

IBM Security Verify Governance=10.0

Remediation

Patch Available

https://www.ibm.com/support/pages/node/7057377

Event History

Oct 22, 2023

CVE Published

via IBM·12:00 AM

Oct 23, 2023

CVE Published

via MITRE·07:47 PM

Data Sourced

via MITRE·07:47 PM

DescriptionSeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

IBM-7057377

Frequently Asked Questions

What is IBM Security Verify Governance information disclosure?

IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission.

What is the severity of CVE-2023-33837?